THE SQL Server Blog Spot on the Web


Kevin Kline

DBTA - Russian Hackers Steal 1.2b Internet Credentials: Or, Why the Heck Does this Keep Happening?!

I'm decidedly old-school in a few of my habits. My morning routine, barring anything out of the ordinary, is one such example. Typically, I'll get up between 6:30 and 7:00 am, grab my first cup of coffee, and then chat with my daughters for a few minutes before seeing them off to school. Next, I make a bowl of oatmeal (a great choice for diabetics like me), pour a second cup of coffee, and browse the local paper, The Tennessean, while I have breakfast. On the morning of August 5, I had the added pleasure of spewing said coffee and oatmeal all over my morning paper when I read the headline: Russian gang stole 1.2 billion Net passwords.

Scanning the article, midway through the details, I saw that the hackers used good ol' fashioned SQL injection attacks. They targeted approximately 450,000 websites, from small mom-and-pop shops to the very largest company websites. A bit later, I read more online in The New York Times article where the story first broke.

Their efforts brought in 4.5 billion records in total, each one containing a user name and password, resulting in 1.2 billion unique accounts. And of those unique accounts, a little data processing found that there were about 542 million unique email addresses, since many people use the same user name and password on multiple accounts.

Read the rest of this article at!-99182.aspx

Published Wednesday, July 1, 2015 8:00 AM by KKline




jerome said:

Well... the developers still use the worst method: they store a password in a database. And most of them store the PWD in clear text!!! Today there is no reason to store any account in a database. Everybody should use an AD and/or an SSO method. I have never used an SQL database to store my user accounts. Teachers in university, IT architects and other IT managers must train the developers correctly (or must define good best practices) to avoid these issues. Else a developer will choose the most simple path, and so the most unsecured one.

July 1, 2015 9:08 AM

KKline said:

Well said, Jerome!

July 2, 2015 8:44 AM

Wayne said:

It's unfair to stick this to the developers - this debacle belongs to the managers and the "C-suite", not the developers. Until they are willing to commit the finances and resources to do the job right (developer training, code review, testing, etc.), it will never be done right. Until a company can no longer buy insurance for these security issues, they won't have the incentive to do so... after all, it's cheaper to buy insurance than to do these other, responsible things.

IMO, this will never be done properly... not until the managers face mandatory jail time will the managers have the incentive to do the job right.

Yes, developers need to learn how to do things the right way also. However, it is the managers' job to ensure that the developer has been properly trained.

July 5, 2015 9:06 PM



About KKline

Kevin Kline is a well-known database industry expert, author, and speaker. Kevin is a long-time Microsoft MVP and was one of the founders of PASS,
